[go: up one dir, main page]

US8869040B2 - Application sharing security - Google Patents

Application sharing security Download PDF

Info

Publication number
US8869040B2
US8869040B2 US12/983,840 US98384011A US8869040B2 US 8869040 B2 US8869040 B2 US 8869040B2 US 98384011 A US98384011 A US 98384011A US 8869040 B2 US8869040 B2 US 8869040B2
Authority
US
United States
Prior art keywords
sharing
computer
presenter
display
participant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12/983,840
Other versions
US20110099496A1 (en
Inventor
Diane Baek
Jean-Laurent Huynh
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to US12/983,840 priority Critical patent/US8869040B2/en
Publication of US20110099496A1 publication Critical patent/US20110099496A1/en
Application granted granted Critical
Publication of US8869040B2 publication Critical patent/US8869040B2/en
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC reassignment MICROSOFT TECHNOLOGY LICENSING, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION
Assigned to MICROSOFT CORPORATION reassignment MICROSOFT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: JEAN-LAURENT HUYNH
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/148Migration or transfer of sessions

Definitions

  • the present invention relates to the field of securely allowing remote users to share computer applications from a remote computer.
  • Application sharing also known as two-way sharing, allows a computer user to share control of his or her computer with a remote user.
  • Application sharing can take any of several forms, including single application sharing, desktop sharing, or view sharing.
  • Single application sharing allows one or more meeting participants to control a single application, while limiting the remote user's input and control of the sharing presenter's computer to that single application.
  • Desktop sharing allows one or more meeting participants to view and control the entire visible portion of the sharing presenter's display. In either case, the visible portions of the desktop are displayed to all meeting participants, however the two forms differ in the amount of control or input allowed to the remote user.
  • View sharing also known as one-way sharing, allows one or more meeting participants to view, but not control the visible portion of the sharing presenter's computer.
  • An application sharing session is also referred to as a meeting, and may consist of one or more remote computers, each controlled by a user, or meeting participant.
  • meeting participants includes all attendees and presenters in a meeting.
  • Meeting participants include at least one sharing presenter and at least one sharing participant.
  • the sharing presenter is the participant who allows others to control his or her computer (sharing control).
  • the sharing participant is the meeting participant to whom the sharing presenter has granted sharing control.
  • a method, apparatus and computer-readable medium for facilitating application sharing is disclosed.
  • a user selects at least one of a plurality of applications operating on a first computer to share with at least a second computer.
  • the first computer user selects at least one of a plurality of security measures for preventing a user operating the second computer from performing at least one of a plurality of unauthorized operations.
  • the first computer user initiates applications sharing on the first computer, wherein the user operating the second computer may access or observe an application running on the first computer, but may not perform any unauthorized operations on the first computer.
  • FIG. 1 is a depiction of an exemplary data processing network in which the present invention may be practiced
  • FIG. 2 is a block diagram depiction of a computer upon which the present invention may operate
  • FIG. 3 is a representation of a sharing frame in accordance with one embodiment of the present invention.
  • FIG. 4 is a representation of a sharing frame in accordance with a second embodiment of the present invention.
  • FIG. 5 is a representation of a sharing frame in accordance with a third embodiment of the present invention.
  • FIG. 6 is a representation of a sharing frame in accordance with a fourth embodiment of the present invention.
  • FIG. 7 is a representation of a sharing frame in accordance with a fifth embodiment of the present invention.
  • FIG. 8 is a detailed flowchart depicting the operation of the present invention in accordance with an exemplary embodiment.
  • FIG. 9 depicts an image of a computer display during operation of the present invention.
  • a process is generally conceived to be a sequence of computer-executed steps leading to a desired result. These steps generally require logical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical, magnetic, or optical signals capable of being stored, transferred, combined, compared, or otherwise manipulated. It is conventional for those skilled in the art to refer to these signals as bits, values, elements, symbols, characters, terms, objects, numbers, records, files or the like. It should be kept in mind, however, that these and similar terms should be associated with appropriate physical quantities for computer operations, and that these terms are merely conventional labels applied to physical quantities that exist within and during operation of the computer.
  • the operating environment in which the present invention is used encompasses general distributed computing systems wherein general-purpose computers, workstations, or personal computers are connected via communication links of various types.
  • programs and data are made available by various members of the system.
  • An application sharing meeting is accomplished using a sharing frame.
  • the sharing presenter's computer displays an application to be shared and a User Interface (UI) for controlling the sharing facility.
  • the sharing participant's computer displays an image of some or all of the sharing presenter's computer display.
  • Data processing network 100 includes a plurality of individual networks, including LANs 42 and 44 , each of which includes a plurality of individual computers 10 .
  • a LAN may comprise a plurality of intelligent workstations coupled to a host processor.
  • LAN 44 may be directly coupled to another LAN (not shown), a mainframe 54 or a gateway server 58 .
  • Gateway server 58 is preferably an individual computer or intelligent workstation that serves to indirectly link LAN 42 to LAN 44 .
  • Data processing network 100 may also include multiple servers in addition to server 58 .
  • Mainframe computers 46 and 54 may be preferably coupled to computer 10 , LAN 44 and server 58 by communications links 48 , 52 and 56 , respectively. More specifically, link 48 is used to couple mainframe computer ( 46 and 54 ) to computer 10 ; link 52 is used to couple mainframe computer ( 46 and 54 ) to LAN 44 ; and link 56 is used to couple mainframe computer ( 46 and 54 ) directly to server 58 (indirectly to LAN 42 ).
  • a communication link refers to any means for connecting two computing devices together, including Internet, Intranet, Extranet, ISDN, DSL, LAN and any future connection systems. The communication link can be provided by wired lines such as cable, optical lines, or telephone lines.
  • Mainframe computers 46 and 54 may also be coupled to storage devices 50 and 60 , respectively, which may serve as remote storage for LANs 44 and 42 , respectively.
  • server 58 may be located a great geographic distance from the LAN 42 .
  • the LAN 44 may be located a substantial distance from the LAN 42 .
  • a system in accordance with embodiments of the present invention comprises a plurality of computers 10 and associated servers and mainframes.
  • the servers may be generally similar to the computers 10 including a central processing unit, display device, memory and operator input device.
  • computer 10 may also perform operations described herein as being performed by server 58
  • server 58 may perform operations described herein as being performed by computer 10 .
  • the distributed system may comprise any one of a number of types of networks over which workstations and servers communicate, including LANs, wide area networks (WANs), Intranets, the Internet and any other networks that distribute processing and share data among a plurality of nodes.
  • a number of intermediate local servers may connect server 58 , and LANs 42 and 44 via network 100 to individual computers 10 . All of these configurations, as well as the appropriate communications hardware and software, are known in the art.
  • FIG. 2 illustrates a block diagram of computer 10 as shown in FIG. 1 .
  • Computer 10 includes CPU 201 , RAM 202 , ROM 203 , user interface adapter 216 , keyboard 218 , mouse 220 , display adapter 224 , display device 230 and network interface 56 .
  • Network interface 56 links computer 10 to network 100 .
  • CPU 201 is preferably connected to each of the elements of computer 10 via bus 214 .
  • CPU 201 executes program instructions stored in RAM 202 and ROM 203 to perform various functions of the present invention.
  • computer 10 is described as being implemented with a single CPU 201 , in alternative embodiments, computer 10 could be implemented with a plurality of processors operating in parallel or in series.
  • CPU 201 is preferably programmed to receive data from, and transmit information to, network interface 56 in response to user requests.
  • Network interface 56 receives data streams from CPU 201 and network 100 formatted according to respective communication protocols.
  • Network interface 56 reformats the data streams appropriately and relays the data streams to network 100 and CPU 201 , as necessary.
  • Network interface 56 preferably accommodates several different communication protocols including Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP).
  • HTTP Hypertext Transfer Protocol
  • FTP File Transfer Protocol
  • application sharing is the process whereby an administrator, organizer or presenter specifies the level of access that a remote user may have to a presenter's computer.
  • application sharing is implemented through the use of a sharing frame displayed on the presenter's computer.
  • FIG. 3 there is shown a depiction of a sharing frame 300 that may be shown on a presenter's computer in accordance with one embodiment of the present invention.
  • sharing frame 300 comprises a Start View Sharing button 310 , an Application Sharing menu 320 , a Sharing Status message 330 , and an Application menu 340 .
  • Sharing frame 300 is a frame that may be used to encircle all or part of a presenter computer's display. An image of the data enclosed in sharing frame 300 will be immediately transmitted to a remote user. Any portion of the display outside of sharing frame 300 is not visible to a remote user.
  • the presenter may add/delete shared applications and windows, add/delete users, and add/delete filters by activating ‘Application Sharing’ menu 320 .
  • Sharing Status message 330 changes from “Now Stopped” to ‘Now Showing,’
  • ‘Start View Sharing’ button 310 changes to ‘Stop View Sharing’, and a sharing icon 410 is displayed.
  • the presenter controls which applications will be shared with one or more remote users by placing the applications sought to be shared inside the sharing frame.
  • the presenter alternatively, may share all of her applications with a remote user (desktop sharing), by re-sizing sharing frame 300 to be substantially the same length and width as the presenter's display. In so doing, every application executing on the presenter's display will also be available for sharing on the remote user's computer. If items of the presenter's display such as applications, icons, or the desktop appear in that area of the screen, and the transmission is enabled, then the sharing participants can see them (and potentially control them). Sharing frame 300 allows the presenter to determine quickly and easily if remote participants can see or control applications on the presenter's computer.
  • the selection of a particular application for sharing may be performed as follows.
  • the sharing presenter may select, such as by “clicking on” a particular icon associated with an application outside of sharing frame 300 to indicate which application the presenter would like to place inside of sharing frame 300 (i.e., share).
  • the sharing module (not shown) operating on the presenter's computer may then automatically resize sharing frame 300 to accommodate the new icon, or sharing module may simply move an image of the selected icon into the current sharing frame 300 .
  • the sharing presenter may similarly select an application by typing in the application's name (or identifier), or otherwise indicating the application to be shared.
  • one embodiment of the present invention may display one or more graphical cues on the presenter's display and/or the user's display to quickly remind the presenter and/or the participant that at least one other computer is sharing applications.
  • the application sharing control user interface (UI) itself may indicate remote access.
  • a sharing frame 300 may change color to indicate ‘view’ sharing versus ‘application’ sharing. The color should change to a color that is sufficiently different from the original color to be noticeable to the user. For example, the color of the frame may normally be brown. Changing the color to a color such as red would be noticeable without unnecessarily alarming the presenter or user.
  • multiple textual cues may remind the sharing presenter that a remote user has access to her computer.
  • a message may appear on the title bar of the frame as another cue. This message may remind the presenter that another participant has control of the presenting computer and the name of the sharing participant. Since the frame can be resized, potentially truncating the message, the variably sized name of the participant may be placed at the end of the message and the instructions informing the presenter how to end the sharing, such as “ESC to stop,” may appear at the beginning of the message.
  • This consistent location may have changing graphical or textual cues.
  • a status bar can provide a consistent location and icons may provide the small and easily identifiable graphical cues.
  • An icon similar to icon 410 may be shown, or an icon similar to the icon depicted below may be shown.
  • the figure in the left column may represent the sharing presenter
  • the figure in the right column may represent the sharing participant.
  • the arrow from left to right represents the data for the presentees display sent from the presenter's computer to the participant's computer
  • the arrow from right to left represents the sharing participant's ability to send keyboard, mouse, and other input to the sharing presenter's computer.
  • the upper arrow may blink giving an indication that someone is remotely controlling the computer.
  • this interactive icon may be displayed on all computers participating in a sharing session to inform the other users when someone else is controlling the application.
  • the sharing module transmits an identical screen image of the data depicted in sharing frame 300 to the one or more remote user's display.
  • the sharing module (not shown) may share inputs from users by transmitting mouse clicks, keyboard inputs, or other input received from a user through the shared application.
  • a user may be granted access to the presenter's entire desktop (desktop sharing), or to one or more applications operating on the presenter's desktop (application sharing). If the presenter does not want to share a particular application, she can move (i.e., use a mouse to click and drag) the application's icon outside of the sharing frame.
  • the presenter When the presenter opens one or more windows for a particular application (e.g., the presenter may open one or more individual WordTM documents), she may further limit sharing to a subset of the total windows for each application (e.g., one WordTM document). If no part of that window is visible within the frame, then the sharing participant cannot move that window into view even if that window is part of the shared application.
  • the presenter can further refine what is shared and what is not shared by sharing a different size and portion of the screen.
  • the frame may be moved, reshaped, or resized to represent which portion of the screen to share. If desired, the sharing presenter could position and resize multiple windows and then position the frame around those windows hiding all of the desktop background.
  • the native application on the presenter's computer, calls a process (e.g., the GetWindowThreadProcessld) on the selected window, and saves the returned process id.
  • GetWindowThreadProcessId is called on the window of future mouse and keyboard events. If that process id does not match the saved process id, then those events are ignored.
  • the implementation allows most application's spawned windows [e.g. Open dialogs, Find dialogs, Tool bars, etc.] to be shared along with the selected window. If, however, the application uses a separate process for these other windows, then these other windows will not be shared.
  • the de-selection of a particular application may be performed similarly to the process performed when an application is selected for sharing.
  • the sharing presenter may select a particular icon or window inside sharing frame 300 that the presenter would no longer like to share.
  • the presenter may activate a different button on the mouse or she may press a different key on the keyboard to indicate that she would like to deselect the window or application.
  • the sharing module (not shown) operating on the presenter's computer may then automatically resize sharing frame 300 to exclude the new icon. Alternatively, sharing module may simply move the icon outside of sharing frame 300 without changing the size of sharing frame 300 .
  • the presenter may want finer controls to provide a remote user with less than full access to the application. For example, a presenter may choose to provide a remote user with access to a particular application, but limit the number of functions associated with that application that the remote user may access. Examples of finer controls include controls to limit visual access and interactive control to visible portions of the screen.
  • menu bars from the shared application may provide more control to remote users.
  • a sharing presenter might want to share a single document, but a remote user could open up other documents using the ‘Open’ option (not shown) on the File menu.
  • FIG. 3 shows an exemplary sharing frame in which a user can access the commands in the menu bar.
  • a sharing participant could open up dialogs that were intended to be shared such as the ‘Save’ option (not shown).
  • an application might display a mini-Explorer window allowing the sharing participant to traverse the file system hierarchy. By right clicking one of those files, the sharing participant could accidentally delete it or even launch another application using the “Open with . . . ” (not shown) menu feature.
  • menu bars Different ways to disable menu bars include hiding the menu outside of the viewable portion of the screen, disallowing the ability to click on these menus, masking out the menu ( FIG. 7 ), or disallowing right clicks on icons. Remote access to menu bars may be automatically limited or specifically limited by the presenter.
  • Window borders may also permit access to functionality that the sharing presenter may not wish to share.
  • FIG. 5 there is shown a window containing sizing controls.
  • a sharing participant accessing FIG. 5 could resize the shared windows or move windows exposing previously hidden or private information. Also, a sharing participant could accidentally close or minimize the windows, allowing access to other windows hidden behind the previously open window.
  • one solution is to automatically resize a graphical sharing frame around the application window to crop out the window border of the window containing the sizing controls.
  • Another solution is to gray out the window controls (shown in FIG. 6 ).
  • a sharing presenter desiring to provide remote users with access to such sizing controls may grant control of these functions by resizing the frame to show this border.
  • FIG. 7 there is shown another embodiment of a sharing frame 300 in accordance with an alternate embodiment. In FIG. 7 , the menu and window borders are grayed out to prevent a sharing participant from accessing the menu or the sizing controls.
  • Some keystrokes or inputs may provide a remote user undesired control over the presenter's computer, such as by changing the state of the presenter's computer. For example, a remote user depressing the ‘CAPS LOCK’ key could modify the presenter's desktop by causing all letters inputted to appear in capital form.
  • one embodiment of the present invention may implement controls to filter out other input from a mouse, keyboard, or other input devices on the remote user's side.
  • inputs are transmitted to the sharing presenter's computer where the keyboard events are entered and processed as if they were input at the presenter's computer.
  • the sharing module (not shown) on the participant's computer may maintain the state of the sharing participant's CAPS LOCK key. If the sharing participant's CAPS LOCK was enabled, then each keyboard event is simulated as an event with the shift key modifier. The keystroke transmitted to the presenter's computer could then be modified prior to transmission to the presenter's computer, negating any need to change the state of the presenter's computer. Consequently, the image depicted on the user's computer will portray one image (all caps), while the presenter's computer will display a second image (normal capitalization). This same principle may be applied to prevent a remote user from performing unauthorized operations. That is, if a remote user attempts to access a menu item or resize a window, sharing module may filter the input from the incoming data stream to prevent the unauthorized input from adversely affecting the presenter's computer.
  • the sharing module saves the settings chosen by the user. For example, the user may specify that sharing with participant “A” will filter out sizing controls, and menu bars. The next time the user attempts to share the same application with the same participant, the sharing module will reinstate these same options. Then, if the options are changed, the new settings will be saved for a subsequent sharing session.
  • the sharing presenter should always be in control. If necessary, she should be able to easily and quickly deny control to the sharing participant.
  • Providing a “panic button” that is easily known and remembered may be a valuable method of retaining ultimate control.
  • One possible consistent method is a short series of keystrokes or a single keystroke (e.g., button 310 ). For example, when a presenter has granted control to a sharing participant, she can decide to revoke that ability and stop application sharing by pressing the ESC key. In one embodiment, a presenter may vocally guide the sharing participant away from private areas or destructive features like the Delete option.
  • FIG. 8 there is shown a detailed flowchart depicting the use and operation of an embodiment of the present invention.
  • software for executing the process depicted in FIG. 8 is loaded into RAM 202 for execution on microprocessor 201 .
  • processing begins in step 810 when a first user (organizer) enters the appropriate keystrokes or mouse clicks to invoke computer 10 .
  • the organizer enters the names (or other network identifiers) of the other participants (invitees).
  • FIG. 9 An example of a display that may be depicted on the organizer's computer is shown in FIG. 9 .
  • display 900 may include a numerical count of the number of participants present.
  • step 820 the user privileges may be specified.
  • User privileges can be used to maintain the controls and access which particular users are able to give, receive, set up, or otherwise change. “User” includes any one of the following individuals, an administrator, an organizer, a presenter or a participant.
  • An administrator is charged with setting the boundaries of the controls allowed to other users. For example, an administrator may limit the amount of control one user may grant to another user. More specifically, an administrator may allow an organizer to grant sharing control or may prohibit organizers from setting up a meeting in which control is granted to other users. An organizer sets up a meeting in which presenter(s) and participant(s) share control of a computer or computers. The organizer may grant any controls allowed by the administrator.
  • the security level may be specified: (A) for the entire community of users; (B) for a group of users in the community; (C) on a meeting-by-meeting basis; or (D) on an individual basis.
  • the ability to globally control application sharing for an entire community of users may be desirable. For example, these controls could activate all application sharing, single application sharing only, or view sharing only or these controls could disable all application sharing for a particular community of users. If disabling is requested, no user in that community can use application sharing and no meetings in the community will have any application sharing capability. If view sharing only is requested, an organizer may allow presenters in the community to show other participants an application remotely, but presenters may not grant participants control of the application. If single application sharing only is requested, then organizers may create meetings with single application sharing capability. Presenters may grant participants control of a single application, but cannot grant control over all windows or icons visible within the frame. If all application sharing capability is requested, then organizers may create meetings with any type of sharing capability.
  • Controls allowing an administrator to give certain users or groups of users more privileges may alternatively be desirable. If some presenters need more application sharing capability, an administrator may set individual privileges for each presenter. These privileges would allow presenters to grant privileges to each user based on various factors including the level of technical sophistication of each user, the degree of user interaction required, and the level of technical sophistication of the subject matter to be discussed. For example, a user may be given the privilege to only share a single application when that user is created by an administrator. At creation time, the administrator may have three options for granting users application sharing privileges:
  • An organizer in a community also may want to specify different application sharing abilities for a particular session. For example, once the administrator has set up a user, the organizer could then in turn decide how sophisticated a particular meeting is when scheduling a meeting. The organizer could turn on only what is granted by the administrator. When scheduling or modifying a meeting in this example, a fully privileged user would see the follow choices:
  • step 820 processing flows to step 830 where the applications to-be-shared are selected.
  • the presenter may select applications by logically placing them inside sharing frame 300 or by simply identifying the applications and relying on sharing module (not shown) to automatically resize sharing frame 300 to accommodate the new application.
  • sharing module not shown
  • the present invention provides an efficient system and method for providing application sharing security.
  • the present invention has been described in relation to particular embodiments, which are intended in all respects to be illustrative rather than restrictive. Those skilled in the art will appreciate that many different combinations of hardware will be suitable for practicing the present invention. Many commercially available substitutes, each having somewhat different cost and performance characteristics, exist for each of the components described above.
  • aspects of the present invention are described as being stored in memory, one skilled in the art will appreciate that these aspects can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or CD-ROMs; a carrier wave from the Internet; or other forms of RAM or ROM.
  • the method of the present invention may conveniently be implemented in program modules that are based upon the flow charts in FIG. 8 . No particular programming language has been indicated for carrying out the various procedures described above because it is considered that the operations, steps and procedures described above and illustrated in the accompanying drawings are sufficiently disclosed to permit one of ordinary skill in the art to practice the instant invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • User Interface Of Digital Computer (AREA)
  • Storage Device Security (AREA)

Abstract

A method, apparatus and computer-readable medium for facilitating application sharing. In operation, a user selects at least one of a plurality of applications operating on a first computer to share with at least a second computer. The user then selects at least one of a plurality of security measures for preventing a user operating the second computer from performing at least one of a plurality of unauthorized operations. Next, the user initiates applications sharing on the first computer, wherein the user operating the second computer may access or observe an application running on the first computer, but may not perform any unauthorized operations on the first computer.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of U.S. provisional application Ser. No. 60/374,151, filed Apr. 22, 2002, the disclosure of which is hereby incorporated by reference herein.
DESCRIPTION OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of securely allowing remote users to share computer applications from a remote computer.
2. Background of the Invention
Application sharing, also known as two-way sharing, allows a computer user to share control of his or her computer with a remote user. Application sharing can take any of several forms, including single application sharing, desktop sharing, or view sharing. Single application sharing allows one or more meeting participants to control a single application, while limiting the remote user's input and control of the sharing presenter's computer to that single application. Desktop sharing allows one or more meeting participants to view and control the entire visible portion of the sharing presenter's display. In either case, the visible portions of the desktop are displayed to all meeting participants, however the two forms differ in the amount of control or input allowed to the remote user. View sharing, also known as one-way sharing, allows one or more meeting participants to view, but not control the visible portion of the sharing presenter's computer.
An application sharing session is also referred to as a meeting, and may consist of one or more remote computers, each controlled by a user, or meeting participant. The term “meeting participants” includes all attendees and presenters in a meeting. Meeting participants include at least one sharing presenter and at least one sharing participant. The sharing presenter is the participant who allows others to control his or her computer (sharing control). The sharing participant is the meeting participant to whom the sharing presenter has granted sharing control.
In the course of an application sharing meeting, it is not only necessary for the sharing presenter to be able to grant sharing control to other users, but it is also useful for the sharing presenter to be able to control, or limit the ability of remote sharing participants to input and/or control the application and the sharing presenter's computer.
It is accordingly a feature of the invention to permit users to securely access applications or desktops of a remote computer, while maintaining the security of the desktop to which they are granting access.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method, apparatus and computer-readable medium for facilitating application sharing is disclosed. In operation, a user selects at least one of a plurality of applications operating on a first computer to share with at least a second computer. The first computer user then selects at least one of a plurality of security measures for preventing a user operating the second computer from performing at least one of a plurality of unauthorized operations. Next, the first computer user initiates applications sharing on the first computer, wherein the user operating the second computer may access or observe an application running on the first computer, but may not perform any unauthorized operations on the first computer.
Additional features and advantages of the invention will be set forth in part in the description that follows, and in part will be obvious from the description, or may be learned by practice of the invention. The features and advantages of the invention will be realized and attained by means of the elements and combinations particularly pointed out in the appended claims.
It is to be understood that both the foregoing general description and the following detailed description are exemplary only and not restrictive of the invention as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate several implementations, and together with the description, serve to explain the principles of the invention.
FIG. 1 is a depiction of an exemplary data processing network in which the present invention may be practiced;
FIG. 2 is a block diagram depiction of a computer upon which the present invention may operate;
FIG. 3 is a representation of a sharing frame in accordance with one embodiment of the present invention;
FIG. 4 is a representation of a sharing frame in accordance with a second embodiment of the present invention;
FIG. 5 is a representation of a sharing frame in accordance with a third embodiment of the present invention;
FIG. 6 is a representation of a sharing frame in accordance with a fourth embodiment of the present invention;
FIG. 7 is a representation of a sharing frame in accordance with a fifth embodiment of the present invention;
FIG. 8 is a detailed flowchart depicting the operation of the present invention in accordance with an exemplary embodiment; and
FIG. 9 depicts an image of a computer display during operation of the present invention.
DETAILED DESCRIPTION
In the following detailed description of one embodiment of the present invention, reference is made to the accompanying drawings that form a part thereof, and in which is shown by way of illustration a specific embodiment in which the invention may be practiced. This embodiment is described in sufficient detail to enable those skilled in the art to practice the invention and it is to be understood that other embodiments may be utilized and that structural changes may be made without departing from the scope of the present invention. The following detailed description is, therefore, not to be taken in a limited sense.
Turning first to the nomenclature of the specification, the detailed description, which follows, is represented largely in terms of processes and symbolic representations of operations performed by conventional computer components, including a central processing unit (CPU), memory storage devices for the CPU, and connected pixel-oriented display devices. These operations include the manipulation of data bits by the CPU and the maintenance of these bits within data structures residing in one or more of the memory storage devices. Such data structures impose a physical organization upon the collection of data bits stored within computer memory and represent specific electrical or magnetic elements. These symbolic representations are the means used by those skilled in the art of computer programming and computer construction to most effectively convey teachings and discoveries to others skilled in the art.
For the purposes of this discussion, a process is generally conceived to be a sequence of computer-executed steps leading to a desired result. These steps generally require logical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical, magnetic, or optical signals capable of being stored, transferred, combined, compared, or otherwise manipulated. It is conventional for those skilled in the art to refer to these signals as bits, values, elements, symbols, characters, terms, objects, numbers, records, files or the like. It should be kept in mind, however, that these and similar terms should be associated with appropriate physical quantities for computer operations, and that these terms are merely conventional labels applied to physical quantities that exist within and during operation of the computer.
It should also be understood that manipulations within the computer are often referred to in terms such as adding, comparing, moving, etc., which are often associated with manual operations performed by a human operator. In other words, the operations described herein are machine operations performed in conjunction with a human operator or user who interacts with the computer. The machines used for performing the operation of the present invention include general-purpose digital computers or other similar computing devices.
In addition, it should be understood that the programs, processes, methods described herein are not related or limited to any particular computer or apparatus. Rather, various types of general-purpose machines may be used with programs constructed in accordance with the teachings described herein. Similarly, it may prove advantageous to construct specialized apparatus to perform the method steps described herein by way of dedicated computer systems with hard-wired logic or programs stored in nonvolatile memory, such as read only memory.
The operating environment in which the present invention is used encompasses general distributed computing systems wherein general-purpose computers, workstations, or personal computers are connected via communication links of various types. In a client server arrangement, programs and data, many in the form of objects, are made available by various members of the system.
For illustration purposes, aspects of the invention are described to provide examples of how computer system according to the invention may be used to share applications between two or more computers. One of skill in the art will realize and appreciate that the present invention may be used in other sharing scenarios without departing from the spirit and scope of the present invention.
The examples described in the text are often accompanied by figures illustrating user interface displays that may be produced through use of a computer system according to the invention to implement the virtual showroom. These too are illustrative and are not intended to limit the invention in any way.
Referring now to the drawings, in which like numerals represent like elements throughout the several figures, embodiments of the present invention will be described.
An application sharing meeting is accomplished using a sharing frame. The sharing presenter's computer displays an application to be shared and a User Interface (UI) for controlling the sharing facility. The sharing participant's computer displays an image of some or all of the sharing presenter's computer display. Once sharing has been established/confirmed, input into the sharing participant's display will be sent to the sharing presenter's computer/application. During sharing, the sharing module may share inputs by transmitting mouse commands, key presses, or other input devices from the sharing participant through to the shared application.
Referring now to FIG. 1, there is shown a data processing network 100 in which the present invention may be practiced. Data processing network 100 includes a plurality of individual networks, including LANs 42 and 44, each of which includes a plurality of individual computers 10. Alternatively, as those skilled in the art will appreciate, a LAN may comprise a plurality of intelligent workstations coupled to a host processor. LAN 44 may be directly coupled to another LAN (not shown), a mainframe 54 or a gateway server 58. Gateway server 58 is preferably an individual computer or intelligent workstation that serves to indirectly link LAN 42 to LAN 44. Data processing network 100 may also include multiple servers in addition to server 58. Mainframe computers 46 and 54 may be preferably coupled to computer 10, LAN 44 and server 58 by communications links 48, 52 and 56, respectively. More specifically, link 48 is used to couple mainframe computer (46 and 54) to computer 10; link 52 is used to couple mainframe computer (46 and 54) to LAN 44; and link 56 is used to couple mainframe computer (46 and 54) directly to server 58 (indirectly to LAN 42). A communication link refers to any means for connecting two computing devices together, including Internet, Intranet, Extranet, ISDN, DSL, LAN and any future connection systems. The communication link can be provided by wired lines such as cable, optical lines, or telephone lines. It can be connected to the computer by any commercially available format of communication such as COM port, parallel port, USB port. In addition to connected wires, the communication channel may be in the form of a wireless channel such as RF and infrared channels. Mainframe computers 46 and 54 may also be coupled to storage devices 50 and 60, respectively, which may serve as remote storage for LANs 44 and 42, respectively. Those skilled in the art will appreciate that the server 58 may be located a great geographic distance from the LAN 42. Similarly, the LAN 44 may be located a substantial distance from the LAN 42.
As shown, a system in accordance with embodiments of the present invention comprises a plurality of computers 10 and associated servers and mainframes. The servers may be generally similar to the computers 10 including a central processing unit, display device, memory and operator input device. Moreover, it will be appreciated that computer 10 may also perform operations described herein as being performed by server 58, and similarly server 58 may perform operations described herein as being performed by computer 10. The distributed system may comprise any one of a number of types of networks over which workstations and servers communicate, including LANs, wide area networks (WANs), Intranets, the Internet and any other networks that distribute processing and share data among a plurality of nodes. At various locations, preferably geographically remote from each other, a number of intermediate local servers may connect server 58, and LANs 42 and 44 via network 100 to individual computers 10. All of these configurations, as well as the appropriate communications hardware and software, are known in the art.
FIG. 2 illustrates a block diagram of computer 10 as shown in FIG. 1. Computer 10 includes CPU 201, RAM 202, ROM 203, user interface adapter 216, keyboard 218, mouse 220, display adapter 224, display device 230 and network interface 56. Network interface 56 links computer 10 to network 100. CPU 201 is preferably connected to each of the elements of computer 10 via bus 214. CPU 201 executes program instructions stored in RAM 202 and ROM 203 to perform various functions of the present invention. Although computer 10 is described as being implemented with a single CPU 201, in alternative embodiments, computer 10 could be implemented with a plurality of processors operating in parallel or in series.
CPU 201 is preferably programmed to receive data from, and transmit information to, network interface 56 in response to user requests. Network interface 56, in turn, receives data streams from CPU 201 and network 100 formatted according to respective communication protocols. Network interface 56 reformats the data streams appropriately and relays the data streams to network 100 and CPU 201, as necessary. Network interface 56 preferably accommodates several different communication protocols including Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP).
In the context of the present invention, application sharing is the process whereby an administrator, organizer or presenter specifies the level of access that a remote user may have to a presenter's computer. In one exemplary embodiment, application sharing is implemented through the use of a sharing frame displayed on the presenter's computer. Referring now to FIG. 3, there is shown a depiction of a sharing frame 300 that may be shown on a presenter's computer in accordance with one embodiment of the present invention. As shown, sharing frame 300 comprises a Start View Sharing button 310, an Application Sharing menu 320, a Sharing Status message 330, and an Application menu 340.
When a presenter seeks to initiate view sharing, she simply initiates the present invention, which causes a sharing frame 300 to be displayed on the presenter's computer. In one embodiment, the presenter may initiate the present invention by pressing a button on the keyboard, right clicking a mouse button, or otherwise initiating a short cut to begin execution of the present invention. Once sharing frame 300 is displayed, the presenter then positions sharing frame 300 over the desired area on her display and presses ‘Start View Sharing’ button 310. Sharing frame 300 is a frame that may be used to encircle all or part of a presenter computer's display. An image of the data enclosed in sharing frame 300 will be immediately transmitted to a remote user. Any portion of the display outside of sharing frame 300 is not visible to a remote user. The presenter may add/delete shared applications and windows, add/delete users, and add/delete filters by activating ‘Application Sharing’ menu 320. Turning to FIG. 4, it is shown that when sharing has begun, Sharing Status message 330 changes from “Now Stopped” to ‘Now Showing,’ ‘Start View Sharing’ button 310 changes to ‘Stop View Sharing’, and a sharing icon 410 is displayed.
The presenter controls which applications will be shared with one or more remote users by placing the applications sought to be shared inside the sharing frame. The presenter alternatively, may share all of her applications with a remote user (desktop sharing), by re-sizing sharing frame 300 to be substantially the same length and width as the presenter's display. In so doing, every application executing on the presenter's display will also be available for sharing on the remote user's computer. If items of the presenter's display such as applications, icons, or the desktop appear in that area of the screen, and the transmission is enabled, then the sharing participants can see them (and potentially control them). Sharing frame 300 allows the presenter to determine quickly and easily if remote participants can see or control applications on the presenter's computer.
In a Windows™ environment, the selection of a particular application for sharing may be performed as follows. The sharing presenter may select, such as by “clicking on” a particular icon associated with an application outside of sharing frame 300 to indicate which application the presenter would like to place inside of sharing frame 300 (i.e., share). The sharing module (not shown) operating on the presenter's computer may then automatically resize sharing frame 300 to accommodate the new icon, or sharing module may simply move an image of the selected icon into the current sharing frame 300. In another operating system environment, the sharing presenter may similarly select an application by typing in the application's name (or identifier), or otherwise indicating the application to be shared.
Whenever two users are sharing applications, one embodiment of the present invention may display one or more graphical cues on the presenter's display and/or the user's display to quickly remind the presenter and/or the participant that at least one other computer is sharing applications. The application sharing control user interface (UI) itself may indicate remote access. In one embodiment, a sharing frame 300 may change color to indicate ‘view’ sharing versus ‘application’ sharing. The color should change to a color that is sufficiently different from the original color to be noticeable to the user. For example, the color of the frame may normally be brown. Changing the color to a color such as red would be noticeable without unnecessarily alarming the presenter or user.
In addition to graphical cues, multiple textual cues may remind the sharing presenter that a remote user has access to her computer. In the example with the graphical frame, to quickly and redundantly remind the sharing presenter that a participant shares control of the presenting computer, a message may appear on the title bar of the frame as another cue. This message may remind the presenter that another participant has control of the presenting computer and the name of the sharing participant. Since the frame can be resized, potentially truncating the message, the variably sized name of the participant may be placed at the end of the message and the instructions informing the presenter how to end the sharing, such as “ESC to stop,” may appear at the beginning of the message.
Since the presenter's focus may be somewhere else, multiple locations for these cues help to quickly and redundantly remind the sharing presenter that a participant has control of the presenting computer. For example, other parts of the presenter's meeting UI may be replaced with messages indicating that another user is sharing control. All participants in the meeting might see the messages.
Providing the presenter a consistent location to go to in order to determine this remote access helps to quickly and redundantly remind the sharing presenter that a participant shares control of the presenting computer. This consistent location may have changing graphical or textual cues. For example, a status bar can provide a consistent location and icons may provide the small and easily identifiable graphical cues. An icon similar to icon 410 (FIG. 4) may be shown, or an icon similar to the icon depicted below may be shown.
Figure US08869040-20141021-C00001
In one embodiment, the figure in the left column may represent the sharing presenter, and the figure in the right column may represent the sharing participant. The arrow from left to right represents the data for the presentees display sent from the presenter's computer to the participant's computer, and the arrow from right to left represents the sharing participant's ability to send keyboard, mouse, and other input to the sharing presenter's computer. When the sharing participant is sending such input (i.e., controlling the presenter's application(s)), the upper arrow may blink giving an indication that someone is remotely controlling the computer. In one embodiment, this interactive icon may be displayed on all computers participating in a sharing session to inform the other users when someone else is controlling the application.
During a sharing session, the sharing module transmits an identical screen image of the data depicted in sharing frame 300 to the one or more remote user's display. The sharing module (not shown) may share inputs from users by transmitting mouse clicks, keyboard inputs, or other input received from a user through the shared application. A user may be granted access to the presenter's entire desktop (desktop sharing), or to one or more applications operating on the presenter's desktop (application sharing). If the presenter does not want to share a particular application, she can move (i.e., use a mouse to click and drag) the application's icon outside of the sharing frame.
When the presenter opens one or more windows for a particular application (e.g., the presenter may open one or more individual Word™ documents), she may further limit sharing to a subset of the total windows for each application (e.g., one Word™ document). If no part of that window is visible within the frame, then the sharing participant cannot move that window into view even if that window is part of the shared application. The presenter can further refine what is shared and what is not shared by sharing a different size and portion of the screen. Furthermore, the frame may be moved, reshaped, or resized to represent which portion of the screen to share. If desired, the sharing presenter could position and resize multiple windows and then position the frame around those windows hiding all of the desktop background.
In one embodiment, to share an application or window, the native application (on the presenter's computer), calls a process (e.g., the GetWindowThreadProcessld) on the selected window, and saves the returned process id. GetWindowThreadProcessId is called on the window of future mouse and keyboard events. If that process id does not match the saved process id, then those events are ignored. The implementation allows most application's spawned windows [e.g. Open dialogs, Find dialogs, Tool bars, etc.] to be shared along with the selected window. If, however, the application uses a separate process for these other windows, then these other windows will not be shared.
The de-selection of a particular application may be performed similarly to the process performed when an application is selected for sharing. In particular, the sharing presenter may select a particular icon or window inside sharing frame 300 that the presenter would no longer like to share. The presenter may activate a different button on the mouse or she may press a different key on the keyboard to indicate that she would like to deselect the window or application. The sharing module (not shown) operating on the presenter's computer may then automatically resize sharing frame 300 to exclude the new icon. Alternatively, sharing module may simply move the icon outside of sharing frame 300 without changing the size of sharing frame 300.
Instead of deleting an entire application, the presenter may want finer controls to provide a remote user with less than full access to the application. For example, a presenter may choose to provide a remote user with access to a particular application, but limit the number of functions associated with that application that the remote user may access. Examples of finer controls include controls to limit visual access and interactive control to visible portions of the screen.
The use of menu bars from the shared application may provide more control to remote users. For example, a sharing presenter might want to share a single document, but a remote user could open up other documents using the ‘Open’ option (not shown) on the File menu. FIG. 3 shows an exemplary sharing frame in which a user can access the commands in the menu bar. In that instance, a sharing participant could open up dialogs that were intended to be shared such as the ‘Save’ option (not shown). However, by selecting the Save option in the File menu, an application might display a mini-Explorer window allowing the sharing participant to traverse the file system hierarchy. By right clicking one of those files, the sharing participant could accidentally delete it or even launch another application using the “Open with . . . ” (not shown) menu feature.
Different ways to disable menu bars include hiding the menu outside of the viewable portion of the screen, disallowing the ability to click on these menus, masking out the menu (FIG. 7), or disallowing right clicks on icons. Remote access to menu bars may be automatically limited or specifically limited by the presenter.
Window borders may also permit access to functionality that the sharing presenter may not wish to share. Referring to FIG. 5, there is shown a window containing sizing controls. A sharing participant accessing FIG. 5 could resize the shared windows or move windows exposing previously hidden or private information. Also, a sharing participant could accidentally close or minimize the windows, allowing access to other windows hidden behind the previously open window. To prevent this problem, one solution is to automatically resize a graphical sharing frame around the application window to crop out the window border of the window containing the sizing controls. Another solution is to gray out the window controls (shown in FIG. 6). A sharing presenter desiring to provide remote users with access to such sizing controls, may grant control of these functions by resizing the frame to show this border. Referring to FIG. 7, there is shown another embodiment of a sharing frame 300 in accordance with an alternate embodiment. In FIG. 7, the menu and window borders are grayed out to prevent a sharing participant from accessing the menu or the sizing controls.
Some keystrokes or inputs may provide a remote user undesired control over the presenter's computer, such as by changing the state of the presenter's computer. For example, a remote user depressing the ‘CAPS LOCK’ key could modify the presenter's desktop by causing all letters inputted to appear in capital form. In order to prevent unwanted changes to the logical state of the sharing presenter's computer, one embodiment of the present invention may implement controls to filter out other input from a mouse, keyboard, or other input devices on the remote user's side. In one embodiment, inputs are transmitted to the sharing presenter's computer where the keyboard events are entered and processed as if they were input at the presenter's computer. For example, instead of changing the state of the presenter's computer, the sharing module (not shown) on the participant's computer may maintain the state of the sharing participant's CAPS LOCK key. If the sharing participant's CAPS LOCK was enabled, then each keyboard event is simulated as an event with the shift key modifier. The keystroke transmitted to the presenter's computer could then be modified prior to transmission to the presenter's computer, negating any need to change the state of the presenter's computer. Consequently, the image depicted on the user's computer will portray one image (all caps), while the presenter's computer will display a second image (normal capitalization). This same principle may be applied to prevent a remote user from performing unauthorized operations. That is, if a remote user attempts to access a menu item or resize a window, sharing module may filter the input from the incoming data stream to prevent the unauthorized input from adversely affecting the presenter's computer.
Different applications might have different security requirements. For example, in one application a presenter may want to share a particular menu in the menu bar but not others. The File menu from the above example gives access to the ‘Open’ option, while the Edit menu gives access to acceptable functionality such as copy and paste. Configurations of this nature on a per-application basis may be complex but important from a security point of view. Maintaining this configuration automatically from session to session can improve the security of the session by reducing the likelihood of configuration errors. Thus when a user has shared a particular application, the sharing module saves the settings chosen by the user. For example, the user may specify that sharing with participant “A” will filter out sizing controls, and menu bars. The next time the user attempts to share the same application with the same participant, the sharing module will reinstate these same options. Then, if the options are changed, the new settings will be saved for a subsequent sharing session.
Even with all of the above features to limit a user's ability to control the sharing presenter's computer, the sharing presenter should always be in control. If necessary, she should be able to easily and quickly deny control to the sharing participant. Providing a “panic button” that is easily known and remembered may be a valuable method of retaining ultimate control. One possible consistent method is a short series of keystrokes or a single keystroke (e.g., button 310). For example, when a presenter has granted control to a sharing participant, she can decide to revoke that ability and stop application sharing by pressing the ESC key. In one embodiment, a presenter may vocally guide the sharing participant away from private areas or destructive features like the Delete option. However, if the participant chooses not to listen to the presenter, the presenter can immediately press the ESC key before anything unfortunate or embarrassing happens. While a sharing participant has control, a visible message might say “ESC to cancel sharing with USER-ID” to teach and remind the presenter the location of the “panic button”.
Turning now to FIG. 8, there is shown a detailed flowchart depicting the use and operation of an embodiment of the present invention. In one such embodiment, software for executing the process depicted in FIG. 8 is loaded into RAM 202 for execution on microprocessor 201. As shown in FIG. 8, processing begins in step 810 when a first user (organizer) enters the appropriate keystrokes or mouse clicks to invoke computer 10. In one embodiment, the organizer enters the names (or other network identifiers) of the other participants (invitees). An example of a display that may be depicted on the organizer's computer is shown in FIG. 9. As shown, display 900 may include a numerical count of the number of participants present. It may alternatively include each participant's name and/or their network address. In the event that a count is maintained, the number of participants will be incremented each time the organizer adds a new participant to the session. Once all the participants are inputted, processing flows to step 820, where the user privileges may be specified. User privileges can be used to maintain the controls and access which particular users are able to give, receive, set up, or otherwise change. “User” includes any one of the following individuals, an administrator, an organizer, a presenter or a participant.
An administrator is charged with setting the boundaries of the controls allowed to other users. For example, an administrator may limit the amount of control one user may grant to another user. More specifically, an administrator may allow an organizer to grant sharing control or may prohibit organizers from setting up a meeting in which control is granted to other users. An organizer sets up a meeting in which presenter(s) and participant(s) share control of a computer or computers. The organizer may grant any controls allowed by the administrator.
In an exemplary embodiment, the security level may be specified: (A) for the entire community of users; (B) for a group of users in the community; (C) on a meeting-by-meeting basis; or (D) on an individual basis.
A. Controlling Application Sharing (AS) Privileges for an Entire Community
The ability to globally control application sharing for an entire community of users may be desirable. For example, these controls could activate all application sharing, single application sharing only, or view sharing only or these controls could disable all application sharing for a particular community of users. If disabling is requested, no user in that community can use application sharing and no meetings in the community will have any application sharing capability. If view sharing only is requested, an organizer may allow presenters in the community to show other participants an application remotely, but presenters may not grant participants control of the application. If single application sharing only is requested, then organizers may create meetings with single application sharing capability. Presenters may grant participants control of a single application, but cannot grant control over all windows or icons visible within the frame. If all application sharing capability is requested, then organizers may create meetings with any type of sharing capability.
B. Controlling AS Privileges for a Particular User or Group of Users in that Community
Controls allowing an administrator to give certain users or groups of users more privileges may alternatively be desirable. If some presenters need more application sharing capability, an administrator may set individual privileges for each presenter. These privileges would allow presenters to grant privileges to each user based on various factors including the level of technical sophistication of each user, the degree of user interaction required, and the level of technical sophistication of the subject matter to be discussed. For example, a user may be given the privilege to only share a single application when that user is created by an administrator. At creation time, the administrator may have three options for granting users application sharing privileges:
    • 1. Disable—The User cannot enable Application Sharing for a meeting.
    • 2. Single Application—The User can enable only single Application Sharing for a meeting.
    • 3. (Advanced User only) Single Application and Desktop—The User can enable single or desktop Application Sharing for a meeting. (If the presenter chooses to share the desktop, everything viewable by the remote user, including desktop icons is available to that user.)
C. Controlling Application Sharing Privileges on a Per-Meeting Level
An organizer in a community also may want to specify different application sharing abilities for a particular session. For example, once the administrator has set up a user, the organizer could then in turn decide how sophisticated a particular meeting is when scheduling a meeting. The organizer could turn on only what is granted by the administrator. When scheduling or modifying a meeting in this example, a fully privileged user would see the follow choices:
    • 1. Application Sharing is disabled.
    • 2. Application Sharing is enabled for a single application.
    • 3. Application Sharing is enabled for everything in the frame.
Once the privileges for each user are specified (step 820), processing flows to step 830 where the applications to-be-shared are selected. As stated above, the presenter may select applications by logically placing them inside sharing frame 300 or by simply identifying the applications and relying on sharing module (not shown) to automatically resize sharing frame 300 to accommodate the new application. Once the application(s) are selected processing flows to step 840 where the sharing presenter initiates View or Application sharing.
From the foregoing description, it will be appreciated that the present invention provides an efficient system and method for providing application sharing security. The present invention has been described in relation to particular embodiments, which are intended in all respects to be illustrative rather than restrictive. Those skilled in the art will appreciate that many different combinations of hardware will be suitable for practicing the present invention. Many commercially available substitutes, each having somewhat different cost and performance characteristics, exist for each of the components described above.
Despite the fact that aspects of the present invention are described as being stored in memory, one skilled in the art will appreciate that these aspects can also be stored on or read from other types of computer-readable media, such as secondary storage devices, like hard disks, floppy disks, or CD-ROMs; a carrier wave from the Internet; or other forms of RAM or ROM. Similarly, the method of the present invention may conveniently be implemented in program modules that are based upon the flow charts in FIG. 8. No particular programming language has been indicated for carrying out the various procedures described above because it is considered that the operations, steps and procedures described above and illustrated in the accompanying drawings are sufficiently disclosed to permit one of ordinary skill in the art to practice the instant invention. Moreover, there are many computers and operating systems, which may be used in practicing the instant invention and, therefore, no detailed computer program could be provided which would be applicable to these many different systems. Each user of a particular computer will be aware of the language and tools which are most useful for that user's needs and purposes.
Alternative embodiments will become apparent to those skilled in the art to which the present invention pertains without departing from its spirit and scope. Accordingly, the scope of the present invention is defined by the appended claims rather than the foregoing description.

Claims (19)

We claim:
1. A method in a computer for sharing between a presenter and a participant, the method comprising:
displaying a sharing frame on a display of the presenter, the sharing frame encompassing a portion of the display, the portion of the display displaying a window of an application;
sending the portion of the display encompassed by the sharing frame that includes the window to a computer of the participant for display to the participant; and
after the presenter moves the window to outside of the sharing frame, sending the portion of the display encompassed by the sharing frame that no longer includes the window to the computer of the participant for display to the participant to terminate the sharing of the window.
2. The method of claim 1 wherein the presenter moves the window by dragging and dropping the window from inside the sharing frame to outside the sharing frame.
3. The method of claim 1 wherein after the presenter moves a second window into the sharing frame, sending the portion of the display encompassed by the sharing frame that now includes the second window to the computer of the participant to share the second window.
4. The method of claim 1 wherein the sending of the portion of the display encompassed by the sharing frame that includes the window is in response to the presenter indicating to start sharing.
5. The method of claim 1 wherein after the presenter resizes the sharing frame, sending a second portion of the display encompassed by the moved sharing frame to the computer of the participant for display to the participant.
6. The method of claim 1 wherein after the presenter moves the sharing frame, sending a second portion of the display encompassed by the moved sharing frame to the computer of the participant for display to the participant.
7. The method of claim 1 wherein the sharing is view sharing.
8. The method of claim 1 wherein the sharing is application sharing.
9. The method of claim 1 wherein a cue is displayed to indicate when the sharing frame is being shared.
10. A computing device for sharing a window between a presenter and a participant, the computing device comprising:
a memory storing computer-executable instructions for:
displaying a sharing frame on a display of the presenter, the sharing frame encompassing a portion of the display;
after the presenter moves a window into the sharing frame, sending the portion of the display encompassed by the sharing frame that includes the window to a computer of the participant to share the window with the participant; and
after the presenter moves the window of the application to outside of the sharing frame, sending the portion of the display encompassed by the sharing frame to the computer of the participant for display to the participant to terminate the sharing of the window; and
a processor for executing the computer-executable instructions stored in the memory.
11. The computing device of claim 10 wherein the presenter moves the window by dragging and dropping the window from inside the sharing frame to outside the sharing frame.
12. The computing device of claim 10 wherein the presenter moves the window by selecting an icon representing an application that is displayed outside the sharing frame.
13. The computing device of claim 10 wherein the sending of the portion of the display encompassed by the sharing frame that includes the window is in response to the presenter indicating to start sharing.
14. The computing device of claim 10 wherein the computer-executable instructions are further for, after the presenter resizes the sharing frame, sending a second portion of the display encompassed by the resized sharing frame to the computer of the participant for display to the participant.
15. The computing device of claim 10 wherein the computer-executable instructions are further for, after the presenter moves the sharing frame, sending a second portion of the display encompassed by the moved sharing frame to the computer of the participant for display to the participant.
16. A computer-readable storage device containing instructions for controlling a computer to share a window between a presenter and a participant, by a method comprising:
receiving from the presenter an indication to display a sharing frame;
after receiving the indication to display the sharing frame, displaying the sharing frame on a display of the presenter, the sharing frame encompassing a portion of the display;
receiving from the presenter an indication to share the displayed sharing frame;
after receiving the indication to share the displayed sharing frame, sending the portion of the display encompassed by the sharing frame to a computer of the participant for display to the participant.
17. The computer-readable storage device of claim 16 wherein before receiving the indication to share the displayed sharing frame, the presenter moves a window of an application from outside the sharing frame to inside the sharing frame so that that window is shared with the participant.
18. The computer-readable storage device of claim 17 wherein when the presenter moves the window of the application to outside of the sharing frame, sending the portion of the display encompassed by the sharing frame to the computer of the participant for display to the participant to terminate the sharing.
19. The computer-readable storage device of claim 16 wherein before receiving the indication to share the displayed sharing frame, the presenter moves the sharing frame to encompass a different portion of the display.
US12/983,840 2002-04-22 2011-01-03 Application sharing security Active 2025-11-30 US8869040B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/983,840 US8869040B2 (en) 2002-04-22 2011-01-03 Application sharing security

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US37415102P 2002-04-22 2002-04-22
US10/420,007 US7266779B2 (en) 2002-04-22 2003-04-22 Application sharing security
US11/849,669 US7877693B2 (en) 2002-04-22 2007-09-04 Application sharing security
US12/983,840 US8869040B2 (en) 2002-04-22 2011-01-03 Application sharing security

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/849,669 Continuation US7877693B2 (en) 2002-04-22 2007-09-04 Application sharing security

Publications (2)

Publication Number Publication Date
US20110099496A1 US20110099496A1 (en) 2011-04-28
US8869040B2 true US8869040B2 (en) 2014-10-21

Family

ID=29251150

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/420,007 Expired - Lifetime US7266779B2 (en) 2002-04-22 2003-04-22 Application sharing security
US11/849,669 Expired - Fee Related US7877693B2 (en) 2002-04-22 2007-09-04 Application sharing security
US12/983,840 Active 2025-11-30 US8869040B2 (en) 2002-04-22 2011-01-03 Application sharing security

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US10/420,007 Expired - Lifetime US7266779B2 (en) 2002-04-22 2003-04-22 Application sharing security
US11/849,669 Expired - Fee Related US7877693B2 (en) 2002-04-22 2007-09-04 Application sharing security

Country Status (8)

Country Link
US (3) US7266779B2 (en)
EP (1) EP1497739B1 (en)
JP (2) JP2005523522A (en)
KR (2) KR101027868B1 (en)
CN (2) CN101149772B (en)
AU (1) AU2003231024A1 (en)
ES (1) ES2601484T3 (en)
WO (1) WO2003090103A1 (en)

Families Citing this family (104)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6950388B2 (en) * 1996-08-22 2005-09-27 Tellabs Operations, Inc. Apparatus and method for symbol alignment in a multi-point OFDM/DMT digital communications system
US6771590B1 (en) * 1996-08-22 2004-08-03 Tellabs Operations, Inc. Communication system clock synchronization techniques
US5790514A (en) * 1996-08-22 1998-08-04 Tellabs Operations, Inc. Multi-point OFDM/DMT digital communications system including remote service unit with improved receiver architecture
US6118758A (en) * 1996-08-22 2000-09-12 Tellabs Operations, Inc. Multi-point OFDM/DMT digital communications system including remote service unit with improved transmitter architecture
US7440498B2 (en) * 2002-12-17 2008-10-21 Tellabs Operations, Inc. Time domain equalization for discrete multi-tone systems
US20060161624A1 (en) * 2001-04-13 2006-07-20 Elaine Montgomery Methods and apparatuses for dynamically sharing a portion of a display for application based screen sampling
US20060161622A1 (en) * 2001-04-13 2006-07-20 Elaine Montgomery Methods and apparatuses for selectively sharing a portion of a display for application based screen sampling using direct draw applications
JP2005523522A (en) * 2002-04-22 2005-08-04 プレイスウェア インコーポレイテッド Application shared security
US8756513B1 (en) 2002-04-23 2014-06-17 Microsoft Corporation Document viewing mechanism for document sharing environment
US7293243B1 (en) * 2002-05-22 2007-11-06 Microsoft Corporation Application sharing viewer presentation
GB0301448D0 (en) * 2003-01-22 2003-02-19 Falanx Microsystems As Microprocessor systems
US10152190B2 (en) 2003-12-15 2018-12-11 Open Invention Network, Llc Systems and methods for improved application sharing in a multimedia collaboration session
US20050160176A1 (en) * 2004-01-21 2005-07-21 Seales W. B. System and method for remote data processing and storage
US8639819B2 (en) * 2004-02-05 2014-01-28 Nokia Corporation Ad-hoc connection between electronic devices
US7680885B2 (en) 2004-04-15 2010-03-16 Citrix Systems, Inc. Methods and apparatus for synchronization of data set representations in a bandwidth-adaptive manner
US20060002315A1 (en) * 2004-04-15 2006-01-05 Citrix Systems, Inc. Selectively sharing screen data
US7827139B2 (en) * 2004-04-15 2010-11-02 Citrix Systems, Inc. Methods and apparatus for sharing graphical screen data in a bandwidth-adaptive manner
US7640502B2 (en) * 2004-10-01 2009-12-29 Microsoft Corporation Presentation facilitation
US20060168114A1 (en) * 2004-11-12 2006-07-27 Arnaud Glatron Audio processing system
JP2006197041A (en) * 2005-01-12 2006-07-27 Nec Corp PoC SYSTEM AND PoC MOBILE TERMINAL, POINTER DISPLAY METHOD USED THEREFOR, AND PROGRAM THEREOF
US20060168533A1 (en) * 2005-01-27 2006-07-27 Microsoft Corporation System and method for providing an indication of what part of a screen is being shared
US20060190826A1 (en) * 2005-02-22 2006-08-24 Elaine Montgomery Methods and apparatuses for dynamically sharing a portion of a display during a collaboration session
US8117560B1 (en) 2005-02-22 2012-02-14 Cisco Technology, Inc. Methods and apparatuses for selectively removing sensitive information during a collaboration session
US8347395B2 (en) * 2005-03-02 2013-01-01 Siemens Aktiengesellschaft Filtering data requiring confidentiality in monitor mirroring
US7877443B2 (en) * 2005-05-12 2011-01-25 International Business Machines Corporation Method, system, and computer program product for web conference participant display render acknowledgement
US8443040B2 (en) * 2005-05-26 2013-05-14 Citrix Systems Inc. Method and system for synchronizing presentation of a dynamic data set to a plurality of nodes
US7610345B2 (en) * 2005-07-28 2009-10-27 Vaporstream Incorporated Reduced traceability electronic message system and method
US9282081B2 (en) 2005-07-28 2016-03-08 Vaporstream Incorporated Reduced traceability electronic message system and method
US8166175B2 (en) * 2005-09-12 2012-04-24 Microsoft Corporation Sharing a port with multiple processes
US8370431B1 (en) * 2005-11-16 2013-02-05 Juniper Networks, Inc. Secure desktop for a network meeting
US8146002B2 (en) * 2005-12-08 2012-03-27 International Business Machines Corporation Screen sharing session with selective pop-ups
US8185605B2 (en) * 2006-07-18 2012-05-22 Cisco Technology, Inc. Methods and apparatuses for accessing an application on a remote device
US8291042B2 (en) * 2006-07-31 2012-10-16 Lenovo (Singapore) Pte. Ltd. On-demand groupware computing
US7904820B2 (en) * 2007-06-25 2011-03-08 International Business Machines Corporation User management of display properties of shared display window in shared display window environment
US7937663B2 (en) * 2007-06-29 2011-05-03 Microsoft Corporation Integrated collaborative user interface for a document editor program
CN101378389B (en) * 2007-08-28 2012-05-23 华为技术有限公司 Server, system and information sharing method
US8015496B1 (en) * 2007-10-26 2011-09-06 Sesh, Inc. System and method for facilitating visual social communication through co-browsing
US20090204414A1 (en) * 2008-02-07 2009-08-13 Bharat Punjalal Shah Method and system to enable in-context pre-meeting dialogue and collaboration among invitees
US20090217170A1 (en) * 2008-02-27 2009-08-27 Audividi Inc. System and method for sharing display information
US8887063B2 (en) 2008-05-21 2014-11-11 Smart Technologies Ulc Desktop sharing method and system
US8386779B2 (en) * 2008-08-20 2013-02-26 Oracle International Corporation Role navigation designer and verifier
US20100131868A1 (en) * 2008-11-26 2010-05-27 Cisco Technology, Inc. Limitedly sharing application windows in application sharing sessions
US8966374B1 (en) * 2009-03-30 2015-02-24 Glance Networks, Inc. Method and apparatus for enabling participants to assume control over a presentation in a remote viewing session
US8185828B2 (en) * 2009-04-08 2012-05-22 Cisco Technology, Inc. Efficiently sharing windows during online collaborative computing sessions
US9965743B2 (en) 2009-06-30 2018-05-08 Cdw Llc Session collaborator
US8341214B2 (en) * 2009-08-12 2012-12-25 Xerox Corporation System and method for communicating with a network of printers using a mobile device
US20110047501A1 (en) * 2009-08-21 2011-02-24 Avaya Inc. Sequenced applications with user playback or other user controls utilizing a single window or dialog box
US20110126194A1 (en) * 2009-11-24 2011-05-26 International Business Machines Corporation Shared security device
US8769428B2 (en) * 2009-12-09 2014-07-01 Citrix Systems, Inc. Methods and systems for generating a combined display of taskbar button group entries generated on a local machine and on a remote machine
US20110149811A1 (en) * 2009-12-23 2011-06-23 Ramprakash Narayanaswamy Web-Enabled Conferencing and Meeting Implementations with Flexible User Calling Features
GB201001728D0 (en) * 2010-02-03 2010-03-24 Skype Ltd Screen sharing
US8549413B2 (en) 2010-04-08 2013-10-01 International Business Machines Corporation Discriminating among resources to share
FR2959632B1 (en) * 2010-05-03 2012-10-19 Evidian METHOD FOR OPENING A SESSION OF A MACHINE BELONGING TO A MACHINE PARK
JP5510236B2 (en) * 2010-09-21 2014-06-04 コニカミノルタ株式会社 Image forming apparatus, display control method, and display control program
US20120144319A1 (en) * 2010-12-03 2012-06-07 Razer (Asia-Pacific) Pte Ltd Collaboration Management System
FR2968495B1 (en) * 2010-12-06 2019-03-15 Isard PARTIAL LEARNING SHARING METHOD OF SOFTWARE APPLICATION
KR101842256B1 (en) * 2011-02-01 2018-03-26 삼성전자주식회사 Method and apparatus for executing application installed in remote device
CN102981914A (en) * 2011-09-05 2013-03-20 联想(北京)有限公司 Synchronized method and electronic device
US9779106B2 (en) 2011-08-15 2017-10-03 Lenovo (Beijing) Co., Ltd. Application management method and device
JP5987299B2 (en) * 2011-11-16 2016-09-07 ソニー株式会社 Display control apparatus, display control method, and program
JP5967106B2 (en) * 2011-12-22 2016-08-10 ソニー株式会社 Information sharing device, information sharing method, information sharing program, and terminal device
KR101474927B1 (en) 2011-12-22 2014-12-31 주식회사 케이티 Method for outputting image data from terminal to display device and terminal thereof
KR101522399B1 (en) 2011-12-23 2015-05-22 주식회사 케이티 Method for displaying image from handheld terminal to display device and handheld terminal thereof
KR101546407B1 (en) 2011-12-23 2015-08-24 주식회사 케이티 Method and apparatus for execution controlling of application
KR101504655B1 (en) * 2011-12-26 2015-03-23 주식회사 케이티 Method and apparatus for controlling application execution
JP5928048B2 (en) 2012-03-22 2016-06-01 ソニー株式会社 Information processing apparatus, information processing method, information processing program, and terminal apparatus
CN104704485B (en) 2012-07-19 2018-11-30 格兰斯电讯网络有限公司 A method of viewing content from a first browser at a second location
CN103020501B (en) * 2012-11-14 2017-02-15 无锡城市云计算中心有限公司 Access control method and access control device of user data
US9699271B2 (en) * 2013-01-29 2017-07-04 Blackberry Limited Method and apparatus for suspending screen sharing during confidential data entry
US9027098B2 (en) * 2013-03-14 2015-05-05 Genband Us Llc Systems, methods, and computer program products for recording service status of applications
US20160147427A1 (en) * 2013-06-26 2016-05-26 Hewlett-Packard Development Company, L.P. Thin client computing device taskbar and widgets
CN103377338A (en) * 2013-07-24 2013-10-30 宁夏新航信息科技有限公司 Computer software installation file management method
US9377925B2 (en) * 2013-08-30 2016-06-28 Citrix Systems, Inc. GUI window with portal region for interacting with hidden interface elements
EP3220321A1 (en) * 2014-04-03 2017-09-20 Cubic Corporation Remotely controlled vending machine
US11310312B2 (en) 2014-07-07 2022-04-19 Citrix Systems, Inc. Peer to peer remote application discovery
US11283866B2 (en) * 2014-07-07 2022-03-22 Citrix Systems, Inc. Providing remote access to applications through interface hooks
TW201610699A (en) * 2014-09-05 2016-03-16 緯創資通股份有限公司 Methods for sharing applications and apparatuses using the same
KR102412436B1 (en) * 2014-11-26 2022-06-24 삼성전자주식회사 Electronic device for managing use of data from other electronic devcie and method for controlling thereof
JP6350302B2 (en) * 2015-01-22 2018-07-04 オムロン株式会社 Programmable display
US9813506B2 (en) * 2015-06-18 2017-11-07 Vmware, Inc. Distributed self-served application remoting
US10198252B2 (en) 2015-07-02 2019-02-05 Microsoft Technology Licensing, Llc Transformation chain application splitting
US9733915B2 (en) 2015-07-02 2017-08-15 Microsoft Technology Licensing, Llc Building of compound application chain applications
US9658836B2 (en) 2015-07-02 2017-05-23 Microsoft Technology Licensing, Llc Automated generation of transformation chain compatible class
US10261985B2 (en) 2015-07-02 2019-04-16 Microsoft Technology Licensing, Llc Output rendering in dynamic redefining application
US9733993B2 (en) 2015-07-02 2017-08-15 Microsoft Technology Licensing, Llc Application sharing using endpoint interface entities
US9785484B2 (en) 2015-07-02 2017-10-10 Microsoft Technology Licensing, Llc Distributed application interfacing across different hardware
US9860145B2 (en) 2015-07-02 2018-01-02 Microsoft Technology Licensing, Llc Recording of inter-application data flow
US9712472B2 (en) 2015-07-02 2017-07-18 Microsoft Technology Licensing, Llc Application spawning responsive to communication
US10031724B2 (en) 2015-07-08 2018-07-24 Microsoft Technology Licensing, Llc Application operation responsive to object spatial status
US10198405B2 (en) 2015-07-08 2019-02-05 Microsoft Technology Licensing, Llc Rule-based layout of changing information
US10277582B2 (en) 2015-08-27 2019-04-30 Microsoft Technology Licensing, Llc Application service architecture
US10237309B2 (en) * 2015-11-25 2019-03-19 International Business Machines Corporation Managing virtual desktop infrastructure data sharing
US11778034B2 (en) * 2016-01-15 2023-10-03 Avaya Management L.P. Embedded collaboration with an application executing on a user system
US10187395B2 (en) 2016-04-28 2019-01-22 Microsoft Technology Licensing, Llc Resource sharing and designation of permissions for other tenants and unregistered users of same tenant
US10757258B1 (en) * 2018-05-12 2020-08-25 Glance Networks, Inc. Visual engagement using automatically dynamically selected visualization mediums
US11093046B2 (en) 2019-12-16 2021-08-17 Microsoft Technology Licensing, Llc Sub-display designation for remote content source device
US11042222B1 (en) 2019-12-16 2021-06-22 Microsoft Technology Licensing, Llc Sub-display designation and sharing
US11404028B2 (en) 2019-12-16 2022-08-02 Microsoft Technology Licensing, Llc Sub-display notification handling
US11487423B2 (en) 2019-12-16 2022-11-01 Microsoft Technology Licensing, Llc Sub-display input areas and hidden inputs
US11481178B2 (en) * 2021-01-29 2022-10-25 Avaya Management L.P. Secure multiple application sharing during a remote session
CN113064536B (en) * 2021-06-01 2021-10-19 深圳传音控股股份有限公司 Processing method, processing device and readable storage medium
CN114047829B (en) * 2021-10-28 2024-11-22 西安微电子技术研究所 A keyboard and mouse device sharing method
US20240201930A1 (en) * 2022-12-20 2024-06-20 Microsoft Technology Licensing, Llc Method and system for providing a content sharing window
US12346625B2 (en) * 2023-07-28 2025-07-01 International Business Machines Corporation Controlled screen sharing

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5107443A (en) 1988-09-07 1992-04-21 Xerox Corporation Private regions within a shared workspace
US5392400A (en) 1992-07-02 1995-02-21 International Business Machines Corporation Collaborative computing system using pseudo server process to allow input from different server processes individually and sequence number map for maintaining received data sequence
JPH08286874A (en) 1995-03-31 1996-11-01 Mitsubishi Electric Res Lab Inc Window control system
JPH08287016A (en) 1995-04-14 1996-11-01 Mitsubishi Electric Corp Collaborative work support system
JPH0962630A (en) 1995-08-22 1997-03-07 Fujitsu Ltd General-purpose application program sharing system
JPH09190411A (en) 1996-01-12 1997-07-22 Nec Corp Operation right linking system and cooperation work system in shared application program
US5689641A (en) 1993-10-01 1997-11-18 Vicor, Inc. Multimedia collaboration system arrangement for routing compressed AV signal through a participant site without decompressing the AV signal
US5758110A (en) 1994-06-17 1998-05-26 Intel Corporation Apparatus and method for application sharing in a graphic user interface
US5799191A (en) 1993-03-12 1998-08-25 Kabushiki Kaisha Toshiba Method and apparatus for supporting cooperative works via computer network
JP2000099233A (en) 1998-09-24 2000-04-07 Fujitsu Ltd Shared screen control device
JP2000207363A (en) 1999-01-07 2000-07-28 Hewlett Packard Co <Hp> User access controller
US6199101B1 (en) 1995-12-22 2001-03-06 Siemens Aktiengesellschaft Process for access control to computer-controlled programs usable by several user units at the same time
US6266691B1 (en) 1996-06-28 2001-07-24 Fujitsu Limited Conference support system with user operation rights and control within the conference
US20020069369A1 (en) * 2000-07-05 2002-06-06 Tremain Geoffrey Donald Method and apparatus for providing computer services
US20030055894A1 (en) * 2001-07-31 2003-03-20 Yeager William J. Representing trust in distributed peer-to-peer networks
US20040039828A1 (en) 2002-08-22 2004-02-26 International Business Machines Corporation Simulation of computer application function to assist a user
US7266779B2 (en) 2002-04-22 2007-09-04 Microsoft Corporation Application sharing security

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08241280A (en) * 1995-03-01 1996-09-17 Oki Electric Ind Co Ltd Method for controlling application operation right
CN1184577A (en) * 1995-05-16 1998-06-10 明尼苏达矿产制造公司 Data conferencing between remotely located participants
CN1227644A (en) * 1996-08-02 1999-09-01 通讯软件有限公司 Method and apparatus for allowing distributed control of shared resources
JP3437933B2 (en) * 1999-01-21 2003-08-18 インターナショナル・ビジネス・マシーンズ・コーポレーション Browser sharing method and system
JP2001195293A (en) * 2000-01-06 2001-07-19 Fujitsu Ltd Access restriction device and method, and computer-readable recording medium recording a program to be executed by a computer to realize the device
US7166779B1 (en) * 2003-03-07 2007-01-23 Monsanto Technology, L.L.C. Plants and seeds of variety I294213

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5107443A (en) 1988-09-07 1992-04-21 Xerox Corporation Private regions within a shared workspace
US5392400A (en) 1992-07-02 1995-02-21 International Business Machines Corporation Collaborative computing system using pseudo server process to allow input from different server processes individually and sequence number map for maintaining received data sequence
US5799191A (en) 1993-03-12 1998-08-25 Kabushiki Kaisha Toshiba Method and apparatus for supporting cooperative works via computer network
US5689641A (en) 1993-10-01 1997-11-18 Vicor, Inc. Multimedia collaboration system arrangement for routing compressed AV signal through a participant site without decompressing the AV signal
US5758110A (en) 1994-06-17 1998-05-26 Intel Corporation Apparatus and method for application sharing in a graphic user interface
US5796396A (en) 1995-03-31 1998-08-18 Mitsubishi Electric Information Technology Center America, Inc. Multiple user/agent window control
JPH08286874A (en) 1995-03-31 1996-11-01 Mitsubishi Electric Res Lab Inc Window control system
JPH08287016A (en) 1995-04-14 1996-11-01 Mitsubishi Electric Corp Collaborative work support system
JPH0962630A (en) 1995-08-22 1997-03-07 Fujitsu Ltd General-purpose application program sharing system
US6199101B1 (en) 1995-12-22 2001-03-06 Siemens Aktiengesellschaft Process for access control to computer-controlled programs usable by several user units at the same time
JPH09190411A (en) 1996-01-12 1997-07-22 Nec Corp Operation right linking system and cooperation work system in shared application program
US6266691B1 (en) 1996-06-28 2001-07-24 Fujitsu Limited Conference support system with user operation rights and control within the conference
JP2000099233A (en) 1998-09-24 2000-04-07 Fujitsu Ltd Shared screen control device
US7451181B2 (en) 1998-09-24 2008-11-11 Fujitsu Limited Apparatus for controlling a shared screen
JP2000207363A (en) 1999-01-07 2000-07-28 Hewlett Packard Co <Hp> User access controller
US20020069369A1 (en) * 2000-07-05 2002-06-06 Tremain Geoffrey Donald Method and apparatus for providing computer services
US20030055894A1 (en) * 2001-07-31 2003-03-20 Yeager William J. Representing trust in distributed peer-to-peer networks
US7266779B2 (en) 2002-04-22 2007-09-04 Microsoft Corporation Application sharing security
US20040039828A1 (en) 2002-08-22 2004-02-26 International Business Machines Corporation Simulation of computer application function to assist a user

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Intranet Which Stays One Step Ahead: Drawback of Intranet Being Overcome by Original Scheme," Nikkei Open Systems, pp. 194-199, Nikkei Business Publications, Inc., Aug. 15, 1007, Japan.
Supplementary European Search Report for Application No. 03724147.8, dated May 20, 2010, 3 pages.

Also Published As

Publication number Publication date
JP2010262666A (en) 2010-11-18
US20040024890A1 (en) 2004-02-05
AU2003231024A1 (en) 2003-11-03
WO2003090103A1 (en) 2003-10-30
US7877693B2 (en) 2011-01-25
US7266779B2 (en) 2007-09-04
CN1647062A (en) 2005-07-27
US20080183817A1 (en) 2008-07-31
KR20100093605A (en) 2010-08-25
CN101149772A (en) 2008-03-26
US20110099496A1 (en) 2011-04-28
CN101149772B (en) 2012-11-14
EP1497739B1 (en) 2016-08-10
JP2005523522A (en) 2005-08-04
ES2601484T3 (en) 2017-02-15
CN1324504C (en) 2007-07-04
EP1497739A1 (en) 2005-01-19
KR101027868B1 (en) 2011-04-07
KR101027905B1 (en) 2011-04-07
KR20050010764A (en) 2005-01-28
EP1497739A4 (en) 2010-06-16

Similar Documents

Publication Publication Date Title
US8869040B2 (en) Application sharing security
US9571428B2 (en) Receiving and presenting detailed activity information regarding current and recent instant messaging sessions of remote users
US7921368B2 (en) Method and system for sensing and communicating updated status information for remote users accessible through an instant messaging system
JP4006036B2 (en) Visual access to limited features displayed in the graphical user interface
US7519912B2 (en) Method and system for sensing and communicating the use of communication modes by remote users
US6313853B1 (en) Multi-service user interface
US6467080B1 (en) Shared, dynamically customizable user documentation
US20050166154A1 (en) Enhanced instant message status message area containing time/date stamped entries and editable by others
KR960007838B1 (en) Data processing system
US20050165920A1 (en) Method and system for providing detail information about computer system users for which on-line status and instant messaging capabilities are available
US20160364085A1 (en) Instant messaging user interface
US7081904B2 (en) Methods and apparatuses for identifying remote and local services
WO2006104933A2 (en) Heterogeneous content channel manager for ubiquitous computer software systems
WO2009135418A1 (en) A method, device and system for managing topic discussion contents in real time in an instant messaging tool
US20090113328A1 (en) Multidimensional Multistate User Interface Element
US20050165891A1 (en) Method and system for sensing and communicating the recent social networking activities of a remote user
US6934737B1 (en) Method and apparatus for providing multi-level access control in a shared computer window
US20040109021A1 (en) Method, system and program product for managing windows in a network-based collaborative meeting
JP2001175379A (en) Display processing device and storage medium
CN116155845A (en) Group message processing method, group message processing device, storage medium and computer program product
JP2020042702A (en) Information processor and program
JP2020042701A (en) Information processor and program
JPH08147129A (en) Interactive operation device
WO2011046558A1 (en) Zooming graphical editor

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034544/0001

Effective date: 20141014

AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JEAN-LAURENT HUYNH;REEL/FRAME:038772/0497

Effective date: 20070621

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551)

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8